As federal deadlines loom for states to upgrade their voting systems, authorities including the FBI probe an intrusion into a computer network at VoteHere, a maker of electronic-voting software.
VoteHere, a 7-year-old company in Bellevue, Wash., on Tuesday confirmed reports that its network had been breached in October. The company identified a suspect and said it turned the case over to the FBI, the Secret Service and the U.S. Attorney's office for an investigation that is ongoing.
"This is a crime," said VoteHere Chief Executive Jim Adler. "This is about breaking and entering and stealing."
It's also, e-voting critics would say, about security.
The story of VoteHere's network breach, reported Monday by MSNBC and the Associated Press, is likely to play into a lively debate over the security and reliability of electronic voting systems. That debate has risen in pitch as federal deadlines loom for states to upgrade their voting systems, and e-voting systems provider Diebold has become a lightning rod for criticism for its own series of woes relating to security, partisan comments by its CEO and other issues.
Still, Adler sought to portray the intrusion as evidence the system is working, because the break-in was quickly detected and investigated.
"What this demonstrates is that you cannot protect a system from outside attack," said Adler. "People draw the wrong conclusion, that because there was this intrusion, therefore you can't have confidence in e-voting. But the confidence comes from understanding and believing that nothing was compromised. And if it was, you want to make sure it was detected."
Citing the criminal investigation, Adler declined to say what the intruder might have taken before being caught. He also called that aspect of the incident immaterial.
"We don't really care what this guy got," said Adler. "Security doesn't rely on the secrecy of the algorithms. We're all a bunch of cryptos (cryptographers) over here, so we know there's no security through obscurity."
VoteHere has tentatively linked the suspect to a number of advocacy groups critical of electronic voting systems. The company declined to identify the suspect or the groups, again citing the investigation.
The FBI said the case was being handled by a federal and local multi-agency group called the Northwest Cybercrime Task Force. No suspects have been charged yet in the case.
VoteHere, which has posted some of its technical documents to the Web at VerifiedVoting.org, and has pledged to reveal the source code to its software when it completes an internal review within months, said no elections were compromised in the intrusion.
The company's verification software works on top of other voting systems. So far only Sequoia Systems has licensed the technology, but has not yet implemented it.